November 10, 2014
By Shane Schick 2 min read

Apple may have managed to thwart the WireLurker Trojan targeting iOS devices, but an earlier version that used Windows malware suggests the attacks are more widespread than previously believed.

In a prepared statement sent to The Wall Street Journal, Apple said it has blocked iOS apps available in a Chinese app store that carried WireLurker, which waits for an iPhone or iPad to be activated and then steals data. The company suggested consumers only obtain iOS apps through “trusted sources” such as its own App Store.

This type of Trojan is aimed at non-jailbroken iOS devices and uses binary file replacement to automatically generate malicious iOS apps, according to a research paper from Palo Alto Networks, which first revealed the Trojan. USB sticks are used to spread the attacks, which is unusual for OS X and iOS security, the researchers said.

The Palo Alto Networks paper also reported that while the creators’ goal is not yet clear, the Trojan is capable of stealing a variety of information and can monitor any iOS device connected via USB to an infected OS X computer.

AppleInsider said hundreds of thousands of users may already have been affected by WireLurker after nearly 470 infected apps were downloaded more than 350,000 times via the China-based Maiyadi App Store.

Even before the attacks on Mac computers surfaced, a variant of WireLurker was using Windows malware, according to a story on ZDNet that quoted researchers from AlienVault Labs. The attackers advertise the Windows malware as pirated versions of popular iOS apps such as Flappy Bird, Minecraft and Facebook, and was hosted on Baidu, a public-cloud search engine in China.

This means that while Apple may have revoked the certificate as part of its enterprise provisioning feature to wipe out WireLurker, the Trojan could be easily revived and may use alternative channels to find its next victims.

A story on Tom’s Guide warned that the Trojan’s creators could easily set up a new command-and-control server or use an alternative certificate.

Besides encouraging users to avoid third-party iOS app stores and to be careful about connecting devices to untrusted Mac computers, a free online tool is available on GitHub to detect WireLurker and hopefully contain the worst of the damage.

 |  |  |  |  | 
Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.

More from

News   March 27, 2023

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

Risk Management   March 27, 2023

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

Risk Management   March 24, 2023

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Threat Research   March 23, 2023

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature